Overview

Risk Advisory Services

Tax and Regulatory

Financial Advisory Services

SERVICES >  Risk Advisory Services  >  IT Advisory  >  IT attestation

IT Attestation

In today’s competitive environment, organizations are seeking every opportunity
to reduce cost and increase efficiency and value for customers. A popular
measure for gaining a cost and competitive advantage is to steadily increase the
amount and scope of work outsourced. Today, outsourced processes frequently
deal directly or indirectly with initiating, recording, processing and reporting a
company’s transactions, which can have a direct impact on the company’s
financial statements. Driven by regulatory requirements such as the Sarbanes-
Oxley Act and increased pressure from shareholders and the boardroom, clients
of service organizations (service providers) are increasingly demanding evidence
of effective controls.

One of the most effective ways for a service organization and a user of such
services to communicate information about the service organizations’ internal
controls is through a Statement of Auditing Standards (SAS) No. 70 report, a
Service Auditor’s Report. An audit conducted in accordance with SAS No. 70 is a highly specialized audit of the design and operational effectiveness of a service organization’s internal controls over processing transactions for user
organizations. There are two types of SAS 70 reports that may be issued on
service organizations:

• A report on controls placed in operation as of a specific date (Type I)
• A report on controls placed in operation and test of operating effectiveness
  over a period of time (Type II)
  
  

What We Do

KPMG in India understands the outsourcing industry. The KPMG member firms
globally audit more than half the Fortune 1000 software companies and provide
service to a majority of these institutions, who include hosting and outsourcing
as part of their core business model.We are well positioned to provide guidance
and excellent service to both outsourcing vendors and organizations considering
the effects of outsourcing on their business.

We perform a ‘pre-SAS 70’ or ‘ Diagnostic’ review for organizations that do not
have clarity of information. This focuses on the key areas that would be covered
in an upcoming SAS 70 examination.While performing the SAS 70 examination,
we are responsible for

• Determining the suitability of the design of controls, and performing procedures to determine if the controls are placed in operation
• Defining and conducting tests to determine that controls and procedures
  defined by the service organization are operating effectively through the entire
  period of the review

We also offer other IT Attest Services like Trust Services (WebTrust and SysTrust), and other country-specific attestation offerings, including the KPMGWebSeal.

Trust services

• WebTrust, developed by the AICPA and its Canadian counterpart CICA, allows us to examine the practices, policies, and procedures of companies doing business on the Internet and to award a KPMG-brandedWebTrust seal of approval to those companies that meet defined criteria for business practices disclosures, transaction integrity, and information protection.
• SysTrust, an assurance service developed by the AICPA and CICA, examines
  a company's systems for overall availability, security, integrity, and
  maintainability.

KPMG WebSeal

• In a KPMGWebSeal engagement, we evaluate an aspect of an organization's
  Web site or operations and issue a report or statement testifying to the
  results of that review. The KPMG logo, orWebSeal, may be added to the
  organization'sWeb site and linked to the report that is issued. Processes
  examined in aWebSeal review include privacy,Web site security,
  confidentiality, and systems and controls.

Back

For further details contact us